Analysis
max time kernel: 178s
max time network: 132s
platform: android_x86
resource: android-x86-arm-20240603-en
resource tags: android, arch:arm, arch:x86, image:android-x86-arm-20240603-en, locale:en-us, os:android-9-x86, system
submitted: 05-06-2024 18:13

Static task: static1

Behavioral task: behavioral1
Sample: 98e2bfe512283b86a8eb13d6868149df_JaffaCakes118.apk
Resource: android-x86-arm-20240603-en

Behavioral task: behavioral2
Sample: 98e2bfe512283b86a8eb13d6868149df_JaffaCakes118.apk
Resource: android-33-x64-arm64-20240603-en
General
Target: 98e2bfe512283b86a8eb13d6868149df_JaffaCakes118.apk
Size: 3.9MB
MD5: 98e2bfe512283b86a8eb13d6868149df
SHA1: 3ea5a9da21b003663ac7409e0da321c56bbfbdc2
SHA256: b308e2f74a8b380629eb7b219960c7caae020491a6d40d143472c89423b229bd
SHA512: eb2adb1f0c14cb4fa843542dd4a0511d2fd51cc9ffbabb62fe6389f9d822b33e50a1994c0ea66065d2826a26c517190626fa8f0c5cfb6e0ca8cf16a4db281a4c
SSDEEP: 98304:pZnuJaIxkySoUpIB2IsiKGEIpCCOeVSJReccU0YYpNt5gKE7:pYDzeU/XEJCXSknUZK5C
Malware Config
Signatures
Checks if the Android device is rooted. (1 TTPs, 2 IoCs)

| ioc | Process |
| --- | --- |
| /sbin/su | com.wRoyalGrocery_8098929:Metrica |
| /system/app/Superuser.apk | com.wRoyalGrocery_8098929:Metrica |

Queries information about running processes on the device (1 TTPs, 2 IoCs)
Application may abuse the framework's APIs to collect information about running processes on the device.

| description | ioc | Process |
| --- | --- | --- |
| Framework service call | android.app.IActivityManager.getRunningAppProcesses | com.wRoyalGrocery_8098929 |
| Framework service call | android.app.IActivityManager.getRunningAppProcesses | com.wRoyalGrocery_8098929:Metrica |

Queries information about active data network (1 TTPs, 1 IoCs)

| description | ioc | Process |
| --- | --- | --- |
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | com.wRoyalGrocery_8098929 |

Queries information about the current Wi-Fi connection (1 TTPs, 2 IoCs)
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

| description | ioc | Process |
| --- | --- | --- |
| Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | com.wRoyalGrocery_8098929 |
| Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | com.wRoyalGrocery_8098929:Metrica |

Queries the unique device ID (IMEI, MEID, IMSI) (1 TTPs)

Reads information about phone network operator. (1 TTPs)

Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTPs, 1 IoCs)

| description | ioc | Process |
| --- | --- | --- |
| Framework service call | android.app.IActivityManager.registerReceiver | com.wRoyalGrocery_8098929 |

Schedules tasks to execute at a specified time (1 TTPs, 2 IoCs)
Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

| description | ioc | Process |
| --- | --- | --- |
| Framework service call | android.app.job.IJobScheduler.schedule | com.wRoyalGrocery_8098929 |
| Framework service call | android.app.job.IJobScheduler.schedule | com.wRoyalGrocery_8098929:Metrica |

Uses Crypto APIs (Might try to encrypt user data) (1 TTPs, 2 IoCs)

| description | ioc | Process |
| --- | --- | --- |
| Framework API call | javax.crypto.Cipher.doFinal | com.wRoyalGrocery_8098929:Metrica |
| Framework API call | javax.crypto.Cipher.doFinal | com.wRoyalGrocery_8098929 |
Processes
com.wRoyalGrocery_8098929
- Queries information about running processes on the device
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Schedules tasks to execute at a specified time
- Uses Crypto APIs (Might try to encrypt user data)
PID: 4378

com.wRoyalGrocery_8098929:Metrica
- Checks if the Android device is rooted.
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Schedules tasks to execute at a specified time
- Uses Crypto APIs (Might try to encrypt user data)
PID: 4438
Network
MITRE ATT&CK Mobile v15
Downloads
/data/data/com.wRoyalGrocery_8098929/no_backup/db_metrica_com.wRoyalGrocery_8098929_20799a27-fa80-4b36-b2db-0f8141f24180
Filesize: 4KB
/data/data/com.wRoyalGrocery_8098929/no_backup/db_metrica_com.wRoyalGrocery_8098929_20799a27-fa80-4b36-b2db-0f8141f24180-journal
Filesize: 512B
/data/data/com.wRoyalGrocery_8098929/no_backup/db_metrica_com.wRoyalGrocery_8098929_20799a27-fa80-4b36-b2db-0f8141f24180-wal
Filesize: 164KB